<!doctype html>
<html>
<head>
<meta charset='UTF-8'><meta name='viewport' content='width=device-width initial-scale=1'>
<title>小作业</title><link href='https://fonts.loli.net/css?family=Open+Sans:400italic,700italic,700,400&subset=latin,latin-ext' rel='stylesheet' type='text/css' /><style type='text/css'>html {overflow-x: initial !important;}:root { --bg-color:#ffffff; --text-color:#333333; --select-text-bg-color:#B5D6FC; --select-text-font-color:auto; --monospace:"Lucida Console",Consolas,"Courier",monospace; }
html { font-size: 14px; background-color: var(--bg-color); color: var(--text-color); font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; -webkit-font-smoothing: antialiased; }
body { margin: 0px; padding: 0px; height: auto; bottom: 0px; top: 0px; left: 0px; right: 0px; font-size: 1rem; line-height: 1.42857; overflow-x: hidden; background: inherit; tab-size: 4; }
iframe { margin: auto; }
a.url { word-break: break-all; }
a:active, a:hover { outline: 0px; }
.in-text-selection, ::selection { text-shadow: none; background: var(--select-text-bg-color); color: var(--select-text-font-color); }
#write { margin: 0px auto; height: auto; width: inherit; word-break: normal; overflow-wrap: break-word; position: relative; white-space: normal; overflow-x: visible; padding-top: 40px; }
#write.first-line-indent p { text-indent: 2em; }
#write.first-line-indent li p, #write.first-line-indent p * { text-indent: 0px; }
#write.first-line-indent li { margin-left: 2em; }
.for-image #write { padding-left: 8px; padding-right: 8px; }
body.typora-export { padding-left: 30px; padding-right: 30px; }
.typora-export .footnote-line, .typora-export li, .typora-export p { white-space: pre-wrap; }
@media screen and (max-width: 500px) {
  body.typora-export { padding-left: 0px; padding-right: 0px; }
  #write { padding-left: 20px; padding-right: 20px; }
  .CodeMirror-sizer { margin-left: 0px !important; }
  .CodeMirror-gutters { display: none !important; }
}
#write li > figure:last-child { margin-bottom: 0.5rem; }
#write ol, #write ul { position: relative; }
img { max-width: 100%; vertical-align: middle; }
button, input, select, textarea { color: inherit; font: inherit; }
input[type="checkbox"], input[type="radio"] { line-height: normal; padding: 0px; }
*, ::after, ::before { box-sizing: border-box; }
#write h1, #write h2, #write h3, #write h4, #write h5, #write h6, #write p, #write pre { width: inherit; }
#write h1, #write h2, #write h3, #write h4, #write h5, #write h6, #write p { position: relative; }
p { line-height: inherit; }
h1, h2, h3, h4, h5, h6 { break-after: avoid-page; break-inside: avoid; orphans: 4; }
p { orphans: 4; }
h1 { font-size: 2rem; }
h2 { font-size: 1.8rem; }
h3 { font-size: 1.6rem; }
h4 { font-size: 1.4rem; }
h5 { font-size: 1.2rem; }
h6 { font-size: 1rem; }
.md-math-block, .md-rawblock, h1, h2, h3, h4, h5, h6, p { margin-top: 1rem; margin-bottom: 1rem; }
.hidden { display: none; }
.md-blockmeta { color: rgb(204, 204, 204); font-weight: 700; font-style: italic; }
a { cursor: pointer; }
sup.md-footnote { padding: 2px 4px; background-color: rgba(238, 238, 238, 0.7); color: rgb(85, 85, 85); border-radius: 4px; cursor: pointer; }
sup.md-footnote a, sup.md-footnote a:hover { color: inherit; text-transform: inherit; text-decoration: inherit; }
#write input[type="checkbox"] { cursor: pointer; width: inherit; height: inherit; }
figure { overflow-x: auto; margin: 1.2em 0px; max-width: calc(100% + 16px); padding: 0px; }
figure > table { margin: 0px !important; }
tr { break-inside: avoid; break-after: auto; }
thead { display: table-header-group; }
table { border-collapse: collapse; border-spacing: 0px; width: 100%; overflow: auto; break-inside: auto; text-align: left; }
table.md-table td { min-width: 32px; }
.CodeMirror-gutters { border-right: 0px; background-color: inherit; }
.CodeMirror-linenumber { user-select: none; }
.CodeMirror { text-align: left; }
.CodeMirror-placeholder { opacity: 0.3; }
.CodeMirror pre { padding: 0px 4px; }
.CodeMirror-lines { padding: 0px; }
div.hr:focus { cursor: none; }
#write pre { white-space: pre-wrap; }
#write.fences-no-line-wrapping pre { white-space: pre; }
#write pre.ty-contain-cm { white-space: normal; }
.CodeMirror-gutters { margin-right: 4px; }
.md-fences { font-size: 0.9rem; display: block; break-inside: avoid; text-align: left; overflow: visible; white-space: pre; background: inherit; position: relative !important; }
.md-diagram-panel { width: 100%; margin-top: 10px; text-align: center; padding-top: 0px; padding-bottom: 8px; overflow-x: auto; }
#write .md-fences.mock-cm { white-space: pre-wrap; }
.md-fences.md-fences-with-lineno { padding-left: 0px; }
#write.fences-no-line-wrapping .md-fences.mock-cm { white-space: pre; overflow-x: auto; }
.md-fences.mock-cm.md-fences-with-lineno { padding-left: 8px; }
.CodeMirror-line, twitterwidget { break-inside: avoid; }
.footnotes { opacity: 0.8; font-size: 0.9rem; margin-top: 1em; margin-bottom: 1em; }
.footnotes + .footnotes { margin-top: 0px; }
.md-reset { margin: 0px; padding: 0px; border: 0px; outline: 0px; vertical-align: top; background: 0px 0px; text-decoration: none; text-shadow: none; float: none; position: static; width: auto; height: auto; white-space: nowrap; cursor: inherit; -webkit-tap-highlight-color: transparent; line-height: normal; font-weight: 400; text-align: left; box-sizing: content-box; direction: ltr; }
li div { padding-top: 0px; }
blockquote { margin: 1rem 0px; }
li .mathjax-block, li p { margin: 0.5rem 0px; }
li { margin: 0px; position: relative; }
blockquote > :last-child { margin-bottom: 0px; }
blockquote > :first-child, li > :first-child { margin-top: 0px; }
.footnotes-area { color: rgb(136, 136, 136); margin-top: 0.714rem; padding-bottom: 0.143rem; white-space: normal; }
#write .footnote-line { white-space: pre-wrap; }
@media print {
  body, html { border: 1px solid transparent; height: 99%; break-after: avoid; break-before: avoid; font-variant-ligatures: no-common-ligatures; }
  #write { margin-top: 0px; padding-top: 0px; border-color: transparent !important; }
  .typora-export * { -webkit-print-color-adjust: exact; }
  html.blink-to-pdf { font-size: 13px; }
  .typora-export #write { padding-left: 32px; padding-right: 32px; padding-bottom: 0px; break-after: avoid; }
  .typora-export #write::after { height: 0px; }
}
.footnote-line { margin-top: 0.714em; font-size: 0.7em; }
a img, img a { cursor: pointer; }
pre.md-meta-block { font-size: 0.8rem; min-height: 0.8rem; white-space: pre-wrap; background: rgb(204, 204, 204); display: block; overflow-x: hidden; }
p > .md-image:only-child:not(.md-img-error) img, p > img:only-child { display: block; margin: auto; }
#write.first-line-indent p > .md-image:only-child:not(.md-img-error) img { left: -2em; position: relative; }
p > .md-image:only-child { display: inline-block; width: 100%; }
#write .MathJax_Display { margin: 0.8em 0px 0px; }
.md-math-block { width: 100%; }
.md-math-block:not(:empty)::after { display: none; }
[contenteditable="true"]:active, [contenteditable="true"]:focus, [contenteditable="false"]:active, [contenteditable="false"]:focus { outline: 0px; box-shadow: none; }
.md-task-list-item { position: relative; list-style-type: none; }
.task-list-item.md-task-list-item { padding-left: 0px; }
.md-task-list-item > input { position: absolute; top: 0px; left: 0px; margin-left: -1.2em; margin-top: calc(1em - 10px); border: none; }
.math { font-size: 1rem; }
.md-toc { min-height: 3.58rem; position: relative; font-size: 0.9rem; border-radius: 10px; }
.md-toc-content { position: relative; margin-left: 0px; }
.md-toc-content::after, .md-toc::after { display: none; }
.md-toc-item { display: block; color: rgb(65, 131, 196); }
.md-toc-item a { text-decoration: none; }
.md-toc-inner:hover { text-decoration: underline; }
.md-toc-inner { display: inline-block; cursor: pointer; }
.md-toc-h1 .md-toc-inner { margin-left: 0px; font-weight: 700; }
.md-toc-h2 .md-toc-inner { margin-left: 2em; }
.md-toc-h3 .md-toc-inner { margin-left: 4em; }
.md-toc-h4 .md-toc-inner { margin-left: 6em; }
.md-toc-h5 .md-toc-inner { margin-left: 8em; }
.md-toc-h6 .md-toc-inner { margin-left: 10em; }
@media screen and (max-width: 48em) {
  .md-toc-h3 .md-toc-inner { margin-left: 3.5em; }
  .md-toc-h4 .md-toc-inner { margin-left: 5em; }
  .md-toc-h5 .md-toc-inner { margin-left: 6.5em; }
  .md-toc-h6 .md-toc-inner { margin-left: 8em; }
}
a.md-toc-inner { font-size: inherit; font-style: inherit; font-weight: inherit; line-height: inherit; }
.footnote-line a:not(.reversefootnote) { color: inherit; }
.md-attr { display: none; }
.md-fn-count::after { content: "."; }
code, pre, samp, tt { font-family: var(--monospace); }
kbd { margin: 0px 0.1em; padding: 0.1em 0.6em; font-size: 0.8em; color: rgb(36, 39, 41); background: rgb(255, 255, 255); border: 1px solid rgb(173, 179, 185); border-radius: 3px; box-shadow: rgba(12, 13, 14, 0.2) 0px 1px 0px, rgb(255, 255, 255) 0px 0px 0px 2px inset; white-space: nowrap; vertical-align: middle; }
.md-comment { color: rgb(162, 127, 3); opacity: 0.8; font-family: var(--monospace); }
code { text-align: left; vertical-align: initial; }
a.md-print-anchor { white-space: pre !important; border-width: initial !important; border-style: none !important; border-color: initial !important; display: inline-block !important; position: absolute !important; width: 1px !important; right: 0px !important; outline: 0px !important; background: 0px 0px !important; text-decoration: initial !important; text-shadow: initial !important; }
.md-inline-math .MathJax_SVG .noError { display: none !important; }
.html-for-mac .inline-math-svg .MathJax_SVG { vertical-align: 0.2px; }
.md-math-block .MathJax_SVG_Display { text-align: center; margin: 0px; position: relative; text-indent: 0px; max-width: none; max-height: none; min-height: 0px; min-width: 100%; width: auto; overflow-y: hidden; display: block !important; }
.MathJax_SVG_Display, .md-inline-math .MathJax_SVG_Display { width: auto; margin: inherit; display: inline-block !important; }
.MathJax_SVG .MJX-monospace { font-family: var(--monospace); }
.MathJax_SVG .MJX-sans-serif { font-family: sans-serif; }
.MathJax_SVG { display: inline; font-style: normal; font-weight: 400; line-height: normal; zoom: 90%; text-indent: 0px; text-align: left; text-transform: none; letter-spacing: normal; word-spacing: normal; overflow-wrap: normal; white-space: nowrap; float: none; direction: ltr; max-width: none; max-height: none; min-width: 0px; min-height: 0px; border: 0px; padding: 0px; margin: 0px; }
.MathJax_SVG * { transition: none 0s ease 0s; }
.MathJax_SVG_Display svg { vertical-align: middle !important; margin-bottom: 0px !important; margin-top: 0px !important; }
.os-windows.monocolor-emoji .md-emoji { font-family: "Segoe UI Symbol", sans-serif; }
.md-diagram-panel > svg { max-width: 100%; }
[lang="flow"] svg, [lang="mermaid"] svg { max-width: 100%; height: auto; }
[lang="mermaid"] .node text { font-size: 1rem; }
table tr th { border-bottom: 0px; }
video { max-width: 100%; display: block; margin: 0px auto; }
iframe { max-width: 100%; width: 100%; border: none; }
.highlight td, .highlight tr { border: 0px; }
svg[id^="mermaidChart"] { line-height: 1em; }
mark { background: rgb(255, 255, 0); color: rgb(0, 0, 0); }
.md-html-inline .md-plain, .md-html-inline strong, mark .md-inline-math, mark strong { color: inherit; }
mark .md-meta { color: rgb(0, 0, 0); opacity: 0.3 !important; }


:root {
    --side-bar-bg-color: #fafafa;
    --control-text-color: #777;
}

@include-when-export url(https://fonts.loli.net/css?family=Open+Sans:400italic,700italic,700,400&subset=latin,latin-ext);

html {
    font-size: 16px;
}

body {
    font-family: "Open Sans","Clear Sans","Helvetica Neue",Helvetica,Arial,sans-serif;
    color: rgb(51, 51, 51);
    line-height: 1.6;
}

#write {
    max-width: 860px;
  	margin: 0 auto;
  	padding: 30px;
    padding-bottom: 100px;
}

@media only screen and (min-width: 1400px) {
	#write {
		max-width: 1024px;
	}
}

@media only screen and (min-width: 1800px) {
	#write {
		max-width: 1200px;
	}
}

#write > ul:first-child,
#write > ol:first-child{
    margin-top: 30px;
}

a {
    color: #4183C4;
}
h1,
h2,
h3,
h4,
h5,
h6 {
    position: relative;
    margin-top: 1rem;
    margin-bottom: 1rem;
    font-weight: bold;
    line-height: 1.4;
    cursor: text;
}
h1:hover a.anchor,
h2:hover a.anchor,
h3:hover a.anchor,
h4:hover a.anchor,
h5:hover a.anchor,
h6:hover a.anchor {
    text-decoration: none;
}
h1 tt,
h1 code {
    font-size: inherit;
}
h2 tt,
h2 code {
    font-size: inherit;
}
h3 tt,
h3 code {
    font-size: inherit;
}
h4 tt,
h4 code {
    font-size: inherit;
}
h5 tt,
h5 code {
    font-size: inherit;
}
h6 tt,
h6 code {
    font-size: inherit;
}
h1 {
    padding-bottom: .3em;
    font-size: 2.25em;
    line-height: 1.2;
    border-bottom: 1px solid #eee;
}
h2 {
   padding-bottom: .3em;
    font-size: 1.75em;
    line-height: 1.225;
    border-bottom: 1px solid #eee;
}
h3 {
    font-size: 1.5em;
    line-height: 1.43;
}
h4 {
    font-size: 1.25em;
}
h5 {
    font-size: 1em;
}
h6 {
   font-size: 1em;
    color: #777;
}
p,
blockquote,
ul,
ol,
dl,
table{
    margin: 0.8em 0;
}
li>ol,
li>ul {
    margin: 0 0;
}
hr {
    height: 2px;
    padding: 0;
    margin: 16px 0;
    background-color: #e7e7e7;
    border: 0 none;
    overflow: hidden;
    box-sizing: content-box;
}

li p.first {
    display: inline-block;
}
ul,
ol {
    padding-left: 30px;
}
ul:first-child,
ol:first-child {
    margin-top: 0;
}
ul:last-child,
ol:last-child {
    margin-bottom: 0;
}
blockquote {
    border-left: 4px solid #dfe2e5;
    padding: 0 15px;
    color: #777777;
}
blockquote blockquote {
    padding-right: 0;
}
table {
    padding: 0;
    word-break: initial;
}
table tr {
    border-top: 1px solid #dfe2e5;
    margin: 0;
    padding: 0;
}
table tr:nth-child(2n),
thead {
    background-color: #f8f8f8;
}
table tr th {
    font-weight: bold;
    border: 1px solid #dfe2e5;
    border-bottom: 0;
    margin: 0;
    padding: 6px 13px;
}
table tr td {
    border: 1px solid #dfe2e5;
    margin: 0;
    padding: 6px 13px;
}
table tr th:first-child,
table tr td:first-child {
    margin-top: 0;
}
table tr th:last-child,
table tr td:last-child {
    margin-bottom: 0;
}

.CodeMirror-lines {
    padding-left: 4px;
}

.code-tooltip {
    box-shadow: 0 1px 1px 0 rgba(0,28,36,.3);
    border-top: 1px solid #eef2f2;
}

.md-fences,
code,
tt {
    border: 1px solid #e7eaed;
    background-color: #f8f8f8;
    border-radius: 3px;
    padding: 0;
    padding: 2px 4px 0px 4px;
    font-size: 0.9em;
}

code {
    background-color: #f3f4f4;
    padding: 0 2px 0 2px;
}

.md-fences {
    margin-bottom: 15px;
    margin-top: 15px;
    padding-top: 8px;
    padding-bottom: 6px;
}


.md-task-list-item > input {
  margin-left: -1.3em;
}

@media print {
    html {
        font-size: 13px;
    }
    table,
    pre {
        page-break-inside: avoid;
    }
    pre {
        word-wrap: break-word;
    }
}

.md-fences {
	background-color: #f8f8f8;
}
#write pre.md-meta-block {
	padding: 1rem;
    font-size: 85%;
    line-height: 1.45;
    background-color: #f7f7f7;
    border: 0;
    border-radius: 3px;
    color: #777777;
    margin-top: 0 !important;
}

.mathjax-block>.code-tooltip {
	bottom: .375rem;
}

.md-mathjax-midline {
    background: #fafafa;
}

#write>h3.md-focus:before{
	left: -1.5625rem;
	top: .375rem;
}
#write>h4.md-focus:before{
	left: -1.5625rem;
	top: .285714286rem;
}
#write>h5.md-focus:before{
	left: -1.5625rem;
	top: .285714286rem;
}
#write>h6.md-focus:before{
	left: -1.5625rem;
	top: .285714286rem;
}
.md-image>.md-meta {
    /*border: 1px solid #ddd;*/
    border-radius: 3px;
    padding: 2px 0px 0px 4px;
    font-size: 0.9em;
    color: inherit;
}

.md-tag {
    color: #a7a7a7;
    opacity: 1;
}

.md-toc { 
    margin-top:20px;
    padding-bottom:20px;
}

.sidebar-tabs {
    border-bottom: none;
}

#typora-quick-open {
    border: 1px solid #ddd;
    background-color: #f8f8f8;
}

#typora-quick-open-item {
    background-color: #FAFAFA;
    border-color: #FEFEFE #e5e5e5 #e5e5e5 #eee;
    border-style: solid;
    border-width: 1px;
}

/** focus mode */
.on-focus-mode blockquote {
    border-left-color: rgba(85, 85, 85, 0.12);
}

header, .context-menu, .megamenu-content, footer{
    font-family: "Segoe UI", "Arial", sans-serif;
}

.file-node-content:hover .file-node-icon,
.file-node-content:hover .file-node-open-state{
    visibility: visible;
}

.mac-seamless-mode #typora-sidebar {
    background-color: #fafafa;
    background-color: var(--side-bar-bg-color);
}

.md-lang {
    color: #b4654d;
}

.html-for-mac .context-menu {
    --item-hover-bg-color: #E6F0FE;
}

#md-notification .btn {
    border: 0;
}

.dropdown-menu .divider {
    border-color: #e5e5e5;
}

.ty-preferences .window-content {
    background-color: #fafafa;
}

.ty-preferences .nav-group-item.active {
    color: white;
    background: #999;
}


</style>
</head>
<body class='typora-export os-windows' >
<div  id='write'  class = 'is-node'><h1><a name="tees在risc-v框架下的实现" class="md-header-anchor"></a><span>TEEs在RISC-V框架下的实现</span></h1><h2><a name="risc-v框架" class="md-header-anchor"></a><span>RISC-V框架</span></h2><p><span>RISC-V是一个开源的指令集架构。</span></p><h3><a name="risc-v架构简介与当前x86指令集相比）" class="md-header-anchor"></a><span>RISC-V架构简介（与当前x86指令集相比）</span></h3><h4><a name="特权模式" class="md-header-anchor"></a><span>特权模式</span></h4><figure><table><thead><tr><th><span>工作模式（特权模式）</span></th><th><span>简介</span></th></tr></thead><tbody><tr><td><span>机器模式（machine mode）</span></td><td><span>必选模式。最高级特权，运行于机器模式下的代码是固有可信的</span></td></tr><tr><td><span>Hypervisor</span></td><td><span>可选模式，支持虚拟机/监视器</span></td></tr><tr><td><span>监督模式（Supervisor mode）</span></td><td><span>可选模式，操作系统</span></td></tr><tr><td><span>用户模式（User mode）</span></td><td><span>可选模式，虚拟机监视器</span></td></tr></tbody></table></figure><h4><a name="模块化的指令子集" class="md-header-anchor"></a><span>模块化的指令子集</span></h4><p><span>	</span><span>RISC-V的指令集使用模块化的方式进行组织，每个模块使用一个英文字母表示，包括MAFDC。如表1所示。</span></p><p><img src="\image\image-20200629155419340.png" referrerpolicy="no-referrer" alt="image-20200629155419340"></p><p><span>	</span><span>RISC-V最基本也是强制要求实现的指令集部分是有I字符表示的基本整数指令子集。</span></p><p><span>	</span><span>C: 为了提高代码密度，RISC-V架构提供可选的“压缩”指令子集，编码长度为16比特，普通为32比特。</span></p><p><span>	</span><span>IMAFD：“通用组合”，由字母“G”表示。因此RV32G表示为RV32IMAFD。</span></p><p><span>	</span><span>E：“嵌入式”架构，该架构主要用于追求极低面积与工号的深嵌入式场景，经需要支持16个通用整数寄存器</span></p><p><strong><span>总结</span></strong><span>：通过以上的模块化指令集，能够选择不同的组合来满足不同的应用。</span></p><h4><a name="可配置的通用寄存器组" class="md-header-anchor"></a><span>可配置的通用寄存器组</span></h4><p><span>RISC-V支持32位或64位架构，分别是RV32和RV64。</span></p><p><span>RV32：通用寄存器宽度为32比特；RV64：通用寄存器宽度为64比特</span></p><p><span>RISC-V整数通用寄存器组：32个（I架构） or 16个（E架构）</span></p><p><span>浮点模块（F or D）:需要一个独立的浮点寄存器组，32个通用浮点寄存器，仅使用F模块，则寄存器宽度为32，否则为64</span></p><h4><a name="规整的指令编码" class="md-header-anchor"></a><span>规整的指令编码</span></h4><p><span>	</span><span>RISC-V的指令集编码非常规整，指令所需的通用寄存器的索引（Index）都被放在固定的位置。因此指令译码器可以非常便捷的译码然后读取通用寄存器组（优化处理器流水线作业，提高处理器性能和优化时序）</span></p><p><img src="\image\image-20200629160315490.png" referrerpolicy="no-referrer" alt="image-20200629160315490"></p><h4><a name="简洁的存储器访问指令" class="md-header-anchor"></a><span>简洁的存储器访问指令</span></h4><p><span>	</span><span>RISC-V架构使用专用的存储器读（Load）指令和存储器写（Store）指令访问存储器（Memory），其他的普通指令无法访问存储器。</span></p><p><span>	</span><span>存储器访问的基本单位是字节（Byte）。RISC-V的存储器读和存储器写指令支持一个字节（8位），半字（16位），单字（32位）为单位的存储器读写操作，如果是64位架构还可以支持一个双字（64位）为单位的存储器读写操作。</span></p><ol start='' ><li><span>RISC-V推荐使用地址对其的存储器读写操作，但是非对其的也支持</span></li><li><span>RISC-V仅支持小端模式</span></li><li><span>RISC-V的存储器读写指令不支持地址自增、自减模式，降低设计处理器难度</span></li><li><span>RISC-V采用</span><strong><span>松散存储器模型</span></strong><span>（Relaxed Memory Model）</span></li></ol><h3><a name="优点相对于x86arm指令集）" class="md-header-anchor"></a><span>优点（相对于x86,ARM指令集）</span></h3><p><span>总结如表2所示，博客地址：</span><a href='https://blog.csdn.net/zoomdy/article/details/79580529' target='_blank' class='url'>https://blog.csdn.net/zoomdy/article/details/79580529</a></p><ol start='' ><li><p><span>架构简洁：</span></p><p><span>	</span><span>x86、arm架构等成熟的商业架构，为了保证向后兼容，不得不保留许多过时的定义。而如今才推出的RISC-V架构，没有向后兼容的历史包袱，无病一身轻。</span></p></li><li><p><span>模块化</span></p><p><span>	</span><span>RISC-V具有模块化架构，其不同部分可以以模块的方式组织在一起，从而试图通过一套同意的架构满足各种不同的应用，满足不同场景。</span></p></li><li><p><span>指令简洁</span></p><p><span>	</span><span>基本的RISC-V指令数据仅有40多条，加上其他的模块化扩展指令总共几十条</span></p><p><img src="\image\image-20200629160848442.png" referrerpolicy="no-referrer" alt="image-20200629160848442"></p></li></ol><h2><a name="方案一sanctum" class="md-header-anchor"></a><span>方案一：Sanctum</span></h2><h3><a name="研究背景" class="md-header-anchor"></a><span>研究背景</span></h3><ol start='' ><li><span>SGX无法保证软件隔离（software isolation）。SGX可以抵抗所有直接的安全攻击，但是无法抵抗侧信道攻击（“side channel attack”）</span></li><li><span>由于SGX的大量实现细节没有被公开，只有Intel本身才能论证/改进SGX的安全性</span></li></ol><p><strong><span>定义 software side channel attack</span></strong><span> 攻击者通过分析软件的内存访问模式，获取秘密信息（analysis an isolated container&#39;s memory access pattern to infer private information）,如cache timing attack</span></p><h3><a name="主要贡献" class="md-header-anchor"></a><span>主要贡献</span></h3><ol start='' ><li><span>软件隔离框架（software isolation scheme）Sanctum：可以抵抗软件侧信道攻击，如cache timing attack, passive address translation attacks</span></li><li><span>Sanctum框架仅涉及到较少的硬件改动：包括支持security monitor</span></li><li><span>在支持RISC-V开源指令集的Rocket Chip中实现了Sanctum</span></li></ol><h3><a name="软件设计" class="md-header-anchor"></a><span>软件设计</span></h3><ol start='' ><li><span>Sanctum的软件设计与SGX大致相同，最大的不同在于将SGX的microcode替换为Security monitor</span></li><li><span>Sanctum将资源管理（resource management）交给不受信任的系统软件进行管理（OS），但Sanctum检查系统软件的资源管理决策并将他们提交（commit）给硬件配置寄存器（hardware configuration register）</span></li></ol><p><img src="\image\clip_image001.png" referrerpolicy="no-referrer"></p><h4><a name="mesurement-root" class="md-header-anchor"></a><span>Mesurement Root</span></h4><ol start='' ><li><span>on-chip ROM, 物理地址的最顶层</span></li></ol><p><span>主要职责：</span></p><ol start='' ><li><p><span>产生security monitor的measure，即hash</span></p></li><li><p><span>产生security monitor的attestation key pair和attestation证书，并设置security monitor的attestation key existing flag，则在下一次boot时不会重复生成attestation key pair</span></p></li><li><p><span>产生security monitor的symmetric key，用于加密security monitor的private attestation key，并将其存储在SPI flash memory chip中。security monitor的public attestation key和证书将公开存储</span></p></li><li><p><span>在将控制权交给security monitor之前，mroot加锁防止任何软件在reset之前访问processor&#39;s symmetric key derivation seed和private key。这防止恶意的security monitor衍生其他monitor的symmetric key。</span></p><p><span>以上描述的所有流程可由下图描述</span></p><p><img src="\image\image-20200630102608076.png" referrerpolicy="no-referrer" alt="image-20200630102608076"></p></li></ol><h4><a name="security-monitor" class="md-header-anchor"></a><span>Security Monitor</span></h4><ol start='' ><li><p><span>运行于Machine mode（RISC-V），存储与非易失性存储介质（SPI flash chip等），可以相应CPU的I/O请求</span></p></li><li><p><span>主要职责</span></p><ol start='' ><li><p><span>DRAM region分配</span></p></li><li><p><span>Metadata region管理</span></p></li><li><p><span>Enclave管理</span></p><ul><li><span>Enclave生命周期</span></li><li><span>Interrupt &amp; fault处理</span></li><li><span>内存隔离</span></li></ul></li></ol></li></ol><h5><a name="主要职责" class="md-header-anchor"></a><span>主要职责</span></h5><p><span>职责一：DRAM region分配</span></p><p><span>	</span><strong><span>DRAM regions</span></strong><span>的分配状态图如Figure 13所示</span></p><p><span>	</span><span>Block：OS分配DRAM region的第一个阶段。在block之后，所有指向该region的寻址都将导致page fault。</span></p><p><span>	</span><span>Free：OS free DRAM region前，将flush所有core的TLB，清除过期的TLB表项（TLB shootdown）</span></p><p><span>   </span></p><p><img src="\image\image-20200630152254418.png" referrerpolicy="no-referrer" alt="image-20200630152254418"></p><p><span>	</span><span>所有的DRAM资源由OS进行分配，security monitor中保存了core和DRAM的元数据。Seuciry Monitor通过这些元数据检查OS的分配行为，保证：一个DRAM region只能分配给一个Enclave。元数据结构如Figure 14所示。</span></p><p><img src="\image\image-20200630152511931.png" referrerpolicy="no-referrer" alt="image-20200630152511931"></p><p><span>职责二：Metadata regions管理</span></p><ol start='2' ><li><span>matedata结构中包含enclave和thread的元信息，security monitor使用该信息验证OS的行为（类似于SGX中的EPC和EPCM）</span></li><li><span>enclave的metadata中包含一组mailboxes，用于enclave接受和发送信息。</span></li></ol><p><span>职责三：encalve管理</span></p><p><strong><span>creation</span></strong></p><ol start='' ><li><span>host application向OS发起system call</span></li><li><span>OS发起SMC：分配DRAM，加载enclave的初始代码和数据</span></li><li><span>security monitor产生如Figure 3所示的enclave metadata structure（相当于SGX中的SECS），当前enclave处于LOADING状态</span></li><li><span>OS发起SMC：将enclave当前状态置为INITIALIZED</span></li></ol><p><strong><span>execution</span></strong></p><ol start='' ><li><span>host application通过enclave enter API调用执行enclave代码，调用时需申明Thread structure。security monitor通过thread metadata加载PC寄存器和栈帧</span></li><li><span>enclave通过调用enclave exit API调用，归还权限。security monitor设置thread metadata中的PC和栈帧</span></li></ol><p><strong><span>interrupt</span></strong></p><ol start='' ><li><span>当enclave执行时发生interrupt：产生一个AEX(asynchronous enclave exit)，security monitor将当前寄存器值存储在Thread的AEX状态中，寄存器清零，退出enclave</span></li><li><span>恢复enclave执行：从enclave的normal entry恢复执行，enclave请求Security monitor从thread的AEX状态恢复enclave状态。且由于enclave清楚从AEX恢复，则它可以额外添加安全策略（security policy）</span></li></ol><p><strong><span>fault</span></strong></p><p><span>security monitor配置CPU，使其将所有enclave中产生的fault转到enclave的runtime处理</span></p><p><strong><span>内存隔离</span></strong></p><p><strong><span>过期缓存清理</span></strong><span>：保证enclave数据在cache的隔离。当core在enclave和non-enclave代码间转换时，security monitory将flushes 每个core的cache，如L1 cache和TLB</span></p><p><strong><span>TLB shootdown</span></strong><span>：security monitor通过一个全局的block clock保证没有任何core可以有当前region的TLB内存信息</span></p><ol start='' ><li><span>当OS block DRAM  region事，全局global clock增加，且该DRAM region的block clock设置为当前的全局block clock</span></li><li><span>当OS free DRAM时，security monitor验证没有任何core的block clock小于该DRAM的metadata的block clock</span></li></ol><p><span>在系统优化中，可以只flush拥有当前region的Enclave所在core的TLB</span></p><p><strong><span>LLC(last-leval cache) isolation</span></strong><span>: 使用Sanctum hardware extention进行实现 LLC partition。</span></p><p><strong><span>page walker extenstion</span></strong><span>: 使用Sanctum hardware extention进行实现，保证当region被assign给一个enclave后，只有region的owner才能新增指向region的TLB表项</span></p><h4><a name="enclave" class="md-header-anchor"></a><span>Enclave</span></h4><p><span>enclave&#39;s memory</span></p><p><span>	</span><span>EVRANGE(a range of vitual memory address)，存储enclave自身的代码和秘密数据（DRAM）由OS分配</span></p><p><span>host application&#39;s memory</span></p><p><span>	</span><span>enclave中除了EVRANGE之外的虚拟地址，用于访问host application的内存，由OS的page table进行寻址</span></p><p><span>per-enclave page table：</span></p><p><span>	</span><span>enclave使用独立的page table进行EVRANGE的寻址，存在于EVRANGE中，如Figure 2所示。Sanctum的硬件支持保证Enclave的page table仅能指向该enclave内存，OS的page table仅能指向OS内存。</span></p><p><img src="\image\image-20200704190602541.png" referrerpolicy="no-referrer" alt="image-20200704190602541"></p><p><span>multi-thread enclave</span></p><p><span>	</span><span>Sanctum使用了SGX的thread model，core可以通过thread metadata structure执行enclave代码。且enclave thread运行于最低权限等级（User level），保证了恶意的enclave无法执行特权操作，从而破坏OS。</span></p><ol start='' ><li><span>OS通过allocate thread SMC将page分配给uninitialized thread structure</span></li><li><span>当enclave loading时，OS通过load thread SMC初始化thread structure</span></li><li><span>当enclave初始化完成后，OS通过accept thread SMC初始化完成thread structure</span></li></ol><p><span>pre-enclave metadata</span></p><p><span>	</span><span>存储在metadata region。其中包含一个page map，被Security Monitory用于验证OS行为（类似于SGX中的EPCM）。于SGX不同的是，metadata region中仅存储了Enclave和thread的元数据。</span></p><p><img src="\image\image-20200629202335027.png" referrerpolicy="no-referrer" alt="image-20200629202335027"></p><p><span>enclave runtime</span></p><ol start='' ><li><span>fault handler：处理enclave执行期间所有的fault</span></li><li><span>system call: 处理enclave的system call，如file system或network I/O</span></li><li><span>enclave与host application交互的唯一渠道</span></li></ol><p><span>signing enclave</span></p><p><span>	</span><span>为了防止timing attack, security monitor中不做任何与key相关的操作，而将签名等密码学操作转给signing enclave。工作流程如Figure 12所示，具体如下：</span></p><ol start='' ><li><p><span>security monitor通过measure检查signing enclave的身份</span></p></li><li><p><span>检查通过后，security monitor将attestation private key复制到signing enclave的内存空间</span></p></li><li><p><span>signing enclave验证调用enclave的身份，并将该enclave的measurement和data放入attestation中</span></p><p><img src="\image\image-20200630152015439.png" referrerpolicy="no-referrer" alt="image-20200630152015439"></p></li></ol><h3><a name="硬件设计" class="md-header-anchor"></a><span>硬件设计</span></h3><h4><a name="llc-address-input-transformation" class="md-header-anchor"></a><span>LLC Address Input Transformation</span></h4><p><span>如Figure 4所示为，21-bit 物理地址；4096-byte page；LLC由512 sets和64-byte line，256 KB的DRAM</span></p><p><img src="\image\image-20200704195852169.png" referrerpolicy="no-referrer" alt="image-20200704195852169"></p><p><span>DRAM region index: PPN bits与cache set index的交集</span></p><p><span>DRAM region：DRAM的子集，具有相同的DRAM region index。如上图所示，将256KB的DRAM分割为8个region</span></p><p><span>DRAM stripe：与page等长的DRAM内存条。</span></p><p><span>	</span><span>如Figure 5所示，在没有address shift时，DRAM region在DRAM上的分配成碎片化，因此Sanctum使用cache address shifter实现分配contiguous DRAM region，具体操作如Figure 6所示。</span></p><p><img src="\image\image-20200704201813420.png" referrerpolicy="no-referrer" alt="image-20200704201813420"></p><p><img src="\image\image-20200704201851899.png" referrerpolicy="no-referrer" alt="image-20200704201851899"></p><ol start='' ><li><span>hardware support for isolation</span></li><li><span>high performance：OS可以分配连续的DRAM buffer，并可进行高效的DMA transfer</span></li></ol><h4><a name="page-walker-input" class="md-header-anchor"></a><span>page walker input</span></h4><p><span>	</span><span>eptbr寄存器：存储当前运行的enclave的page table的物理地址</span></p><p><span>	</span><span>ptbr寄存器：存储OS的page table物理地址</span></p><p><span>	</span><span>evbase: encalve vitrual address space base</span></p><p><span>	</span><span>evmask: enclave vitrual address space mask</span></p><p><span>	</span><span>eptbr寄存器和ptbr寄存器对security monitor可见，并对OS提供API接口修改ptbr。使用Figure 8所示电路决定当TLB miss fault发生时，应当使用eptbr或是ptbr指向的page table</span></p><p><img src="\image\image-20200630094440876.png" referrerpolicy="no-referrer" alt="image-20200630094440876"></p><h4><a name="page-walker-memory-access" class="md-header-anchor"></a><span>page walker memory access</span></h4><p><span>	</span><span>drbmap：DRAM region bitmap, 包括security monitor配置的当前的page table能指向的DRAM region</span></p><p><span>	</span><span>parbase：PAR base register</span></p><p><span>	</span><span>parmask：PAR mask</span></p><p><span>	</span><span>PAR：Protected address range，防止OS访问security monitor和其attestation key所在的DRAM regions</span></p><p><span>	</span><span>Sancturm架构保证page table仅能指向（reference）合法的memory。如Figure 9所示</span></p><ol start='' ><li><span>从地址中获得DRAM region index，并比较drbmap，检查是否属于当前page table能访问的region</span></li><li><span>将地址与parmask，检查page table是否指向了受保护的地址（protected address，PAR）若检查为真，则强制产生page fault推出。这种机制允许security monitor建立起一个无法被其他软件访问的内存地址，用于存储Security monitor本身的代码和数据</span></li></ol><p><img src="\image\image-20200630094700819.png" referrerpolicy="no-referrer" alt="image-20200630094700819"></p><h4><a name="dma-transfer-filtering" class="md-header-anchor"></a><span>DMA Transfer Filtering</span></h4><h2><a name="研究二komodo" class="md-header-anchor"></a><span>研究二：Komodo</span></h2><p><span>	</span><span>Komodo将Sanctum架构的设计拓展到TrustZone中。利用TrustZone提供的Security world实现security monitor。</span></p><p><span>	</span><span>当前的ARM生态环境中缺少enclave-like features。现有的Trustzone application要么假设所有secure world的代码是可信的，要么需要依赖 language-based isolation for &quot;trustlets&quot;。</span></p><h3><a name="软件设计-n249" class="md-header-anchor"></a><span>软件设计</span></h3><h4><a name="security-monitor设计" class="md-header-anchor"></a><span>Security Monitor设计</span></h4><p><strong><span>主要职责</span></strong></p><ol start='' ><li><span>manage a region of isolated physical memory</span></li><li><span>make secure page available for constructure enclave</span></li><li><span>enabling enclave execution while protecting enclave-internal state</span></li></ol><p><span>对外提供的API call如Table 1所示</span></p><p><img src="\image\image-20200705100727342.png" referrerpolicy="no-referrer" alt="image-20200705100727342"></p><p><strong><span>职责一：内存隔离</span></strong></p><p><span>PageDB: Komodo中，secure page交由OS进行分配，而Security Monitor通过PageDB追溯每个secure page的状态，类似于SGX中ECPM</span></p><p><strong><span>职责二：内存</span></strong></p><h4><a name="enclave-n264" class="md-header-anchor"></a><span>Enclave</span></h4><p><strong><span>Creation</span></strong></p><ol start='' ><li><span>OS通过InitAddrspace产生新的address space，并通过InitL2Table产生L2 page table</span></li><li><span>OS初始化address space，分配secure 和 insecre data pages，分别用于Enclave isolated memory和于OS进行数据共享</span></li><li><span>OS初始化thread，entry-point address，至此，Enclave初始化完成，可以运行。</span></li></ol><p><strong><span>Execution</span></strong></p><ol start='' ><li><span>OS通过Enter，使得Security Monitor进行non-secure world和secure world的切换，并在thread的entry-point开始执行</span></li><li><span>在Enclave 执行过程中，若有interrupt或exception（e.g. page fault）发生，Security Monitor保存当前上下文，并向OS report</span></li><li><span>Enclave可以通过supervisor call（SVC）invoke security monitor</span></li></ol><p><strong><span>Dynamic allocation</span></strong></p><ol start='' ><li><span>OS通过AllocSpare对monitor分配page</span></li><li><span>OS通过MapData或InitL2PTable放入page table</span></li></ol><p><strong><span>Deallocation</span></strong></p><ol start='' ><li><span>在enclave的page free之前，OS调用Stop停止任何相关操作</span></li><li><span>OS调用remove收回secure page</span></li></ol><h4><a name="attestation" class="md-header-anchor"></a><span>Attestation</span></h4><p><span>与Sanctum框架相同</span></p><h3><a name="硬件要求" class="md-header-anchor"></a><span>硬件要求</span></h3><p><span>Sanctum框架满足以上所有的硬件需求，与Komodo设计最大不同在于：</span></p><ol start='' ><li><span>Sanctum依赖于很大的hardware monitification</span></li><li><span>Sanctum的attestation scheme更为复杂</span></li><li><span>Sanctum的安全性依赖于未经证明的，5k+，C++实现的security monitory代码，komodo将在ARM Trustzone框架下实现Security Monitor</span></li></ol><h4><a name="isolated-memory" class="md-header-anchor"></a><span>Isolated memory</span></h4><p><span>	</span><span>一个可以保证机密性和完整性的内存region，IOMMU-like filter to partition RAM and prevent access by unprivileged software or device。文章未提出具体的实现</span></p><h4><a name="priviledged-environment-for-monitor" class="md-header-anchor"></a><span>Priviledged environment for monitor</span></h4><p><span>	</span><span>保护恶意的特权代码篡改security monitor的代码及数据，包括OS和hypervisor。满足该要求需要在OS和security monitor代码执行的secure transfer机制。</span></p><p><span>现有实现包括：</span></p><ol start='' ><li><span>SGX：security monitor被microcode engine高效提供，保证security monitor的执行时uninterruptible且protected from interference</span></li><li><span>DEC Alpha PALcode &amp; RISC-V machine mode</span></li><li><span>Trustzone security monitor mode: 当前proposal所使用</span></li></ol><h4><a name="enclave-execution-environment" class="md-header-anchor"></a><span>Enclave execution environment</span></h4><p><span>	</span><span>保护enclave的执行。Komodo让Enclave执行在它自身的虚拟地址中</span></p><h4><a name="remote-attestation" class="md-header-anchor"></a><span>Remote attestation</span></h4><p><span>	</span><span>hardware-based trust root</span></p><h4><a name="random-number-source" class="md-header-anchor"></a><span>Random number source</span></h4><p><span>	</span><span>hardware-based cryptographially secure source of randomness</span></p><h2><a name="研究三keystone" class="md-header-anchor"></a><span>研究三：Keystone</span></h2><h3><a name="研究背景-n323" class="md-header-anchor"></a><span>研究背景</span></h3><ol start='' ><li><span>当前的商业用TEE存在：1. large TCB solution； 2. one isolation domain（TrustZone）</span></li><li><span>当前一个值得探讨的研究方向：use a thin layer of trust software，如Sanctum或Komodo，可以在抵抗多种攻击的前提下，保证compatibility和较小的TCB。但是Sanctum和Komodo都有来自底层硬件的闲置（如需要硬件改动或only two security domain）</span></li></ol><h3><a name="主要贡献-n329" class="md-header-anchor"></a><span>主要贡献</span></h3><ol start='' ><li><span>可定制TEE（Customizable TEE）</span></li><li><span>提出keystone架构：keystone具有模块化架构，使得keystone可以根据要求configure, build, instantiated定制TEE</span></li><li><span>开源实现</span></li><li><span>benchmark keystone框架并提供一个真实场景下的应用</span></li></ol><h3><a name="背景知识" class="md-header-anchor"></a><span>背景知识</span></h3><h4><a name="pmpphysical-memory-protection" class="md-header-anchor"></a><span>PMP(physical memory protection)</span></h4><p><span>	</span><span>RISC-V支持对特定物理内存区域（physical memory region）在U-mode和S-mode的访问权限定义（access priviledge)，e.g. read/write/execute。</span></p><h4><a name="当前商业tee解决方案的缺点" class="md-header-anchor"></a><span>当前商业TEE解决方案的缺点</span></h4><p><span>SGX: Do not support any configuration of its memory protection</span></p><p><span>TrustZone</span></p><p><img src="\image\image-20200705150517296.png" referrerpolicy="no-referrer" alt="image-20200705150517296"></p><h3><a name="软件设计-n346" class="md-header-anchor"></a><span>软件设计</span></h3><p><img src="\image\image-20200702093507792.png" referrerpolicy="no-referrer" alt="image-20200702093507792"></p><p><span>Keystone的software stack如Figure 1所示，我们在RISC-V上实现Keystone。</span></p><h4><a name="可定制tee" class="md-header-anchor"></a><span>可定制TEE</span></h4><figure><table><thead><tr><th><span>参与方</span></th><th><span>作用</span></th></tr></thead><tbody><tr><td><span>硬件制造商（Hardware manufacurer）</span></td><td><span>设计、制造支持RISC-V的硬件（include relevant IP for trust boot）</span></td></tr><tr><td><span>Keystone平台提供商（Keystone platform provider）</span></td><td><span>购买硬件制造商提供的硬件，为用户提供可定制TEE的keystone平台，配置Security Monitor（SM）</span></td></tr><tr><td><span>Keystone用户（Keystone User）</span></td><td><span>配置RT和eapp，实例化enclave</span></td></tr><tr><td><span>Eapp用户（eapp user）</span></td><td><span>使用运行在enclave中的eapp</span></td></tr></tbody></table></figure><p><strong><span>设计原则</span></strong></p><ol start='' ><li><p><span>使用RISC-V框架的M-mode实现SM（可编程，最高优先级，硬件，PMP管理）</span></p></li><li><p><span>分离资源管理（resource management）和安全检查（security checks）</span></p><ol start='' ><li><span>Security Monitor运行于M-mode，负责enforce security policy, 仅有非常少的non-security职责，保证了较小的TCB</span></li><li><span>Runtime运行于S-Mode，负责管理Enclave的生命周期，内存管理，系统调用等。Enclave可以选择不同的RT</span></li></ol></li><li><p><span>模块化原则</span></p><ol start='' ><li><span>SM，RT，Eapp等相互独立，各个layer相互独立，并向上提供security-aware abstraction</span></li></ol></li><li><p><span>细粒度的TCB配置</span></p><ol start='' ><li><span>keystone可以为当前应用场景提供最小的TCB。enclave程序员可以优化TCB（RT配置及eapp library）</span></li></ol></li></ol><p><strong><span>Keystone开发框架</span></strong></p><p><img src="\image\image-20200702151733965.png" referrerpolicy="no-referrer" alt="image-20200702151733965"></p><h4><a name="security-monitor设计-n389" class="md-header-anchor"></a><span>Security Monitor设计</span></h4><p><span>	</span><span>Security Monitor是Keystone框架的核心，仅使用RISC-V standard feature，易于移植。且Keystone提供对SM的配置和编译。</span></p><h5><a name="内存隔离" class="md-header-anchor"></a><span>内存隔离</span></h5><p><img src="\image\image-20200702153003827.png" referrerpolicy="no-referrer" alt="image-20200702153003827"></p><p><span>	</span><span>如Figure 3所示，利用RISC-V架构的PMP，配置一个内存块region的权限。</span></p><ol start='' ><li><p><span>SM boot：SM，第一个PMP entry，包括SM的代码，数据，enclave的metadata等；剩下内存归为OS</span></p></li><li><p><span>enclave creation：SM add PMP entry，由于enclave&#39;s PMP权限较OS PMP更高，OS无法访问</span></p></li><li><p><span>control-transfer：SM使能相应enclave的PMP permission bits，去除所有OS PMP entry permission bits</span></p><p><span>每个core都有自己完整的PMP entry，在enclave creation中，PMP的变化必须同步到所有的core中。</span></p></li></ol><h5><a name="页表管理" class="md-header-anchor"></a><span>页表管理</span></h5><p><span>	</span><span>如Figure 4所示，各个方案对</span><strong><span>页表</span></strong><span>存储和管理的不同。在keystone中由于enclave中有S-mode的RT，每个enclave都可以独立进行虚拟地址管理，拥有enclave-specific page table。这使得</span></p><ol start='' ><li><span>更灵活的虚拟地址管理机制（通过选择不同的RT）</span></li><li><span>抵抗side-channel attack，由于OS无法modify或observe enclave的虚拟地址-物理地址转换</span></li></ol><p><img src="\image\image-20200702153510809.png" referrerpolicy="no-referrer" alt="image-20200702153510809"></p><h5><a name="interrupt和exception" class="md-header-anchor"></a><span>Interrupt和Exception</span></h5><p><span>在enclave执行过程中，interrupt和exception都由SM捕获后，转交RT进行处理</span></p><h5><a name="enclave生命周期" class="md-header-anchor"></a><span>Enclave生命周期</span></h5><p><strong><span>creation</span></strong></p><ol start='' ><li><span>OS初始化enclave的page table，并且allocate physical memory给enclave</span></li><li><span>SM检查enclave的measurement，验证OS load了正确的enclave binary</span></li></ol><p><strong><span>execution</span></strong></p><ol start='' ><li><span>SM sets PMP entries and transfers control to enclave entry point</span></li></ol><p><strong><span>destruction</span></strong></p><ol start='' ><li><span>SM clear the enclave memory region before return the memory to the OS</span></li><li><span>SM cleans and free all the enclave resource, PMP entries, and enclave metadata</span></li></ol><h3><a name="硬件设计-n429" class="md-header-anchor"></a><span>硬件设计</span></h3><h4><a name="硬件要求-n430" class="md-header-anchor"></a><span>硬件要求</span></h4><ol start='' ><li><span>a device-specific secret key visible only to the trusted boot process</span></li><li><span>a hardware source of randomness</span></li><li><span>a trust boot process</span></li></ol><h2><a name="研究四multizone" class="md-header-anchor"></a><span>研究四：MultiZone</span></h2><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></div>
</body>
</html>